Application Serial No. 09/981,608 - Filed October 16, 2001 
IN THE CLAIMS 

Please amend claims 1, 10, 18, and 26 as indicated below. 

1. (Currently Amended) A method of community access control in a Multi-Community 
Node (MCN), said method comprising: 

receiving a request for access to an object; 

consulting a community information base (CIB) responsive to said request, 
wherein said CIB includes: 

a user community set (UCS) for each user of said MCN, wherein for a
given user and associated UCS, a given community is a member of
the UCS if the given user is a member of the given community;

an application community set (ACS) for each application on said MCN,
wherein for a given application and associated ACS, a given
community is a member of the ACS if the given application runs
on behalf of a user in the given community; and

an object community set (OCS) for each object residing within said MCN,
wherein each OCS is included in an ACS of a process which
created it;

permitting access to said object in response to detecting: 
said request is from a first user; and 

a UCS of the first user is a superset of an OCS of said object; and
denying access to said object in response to detecting: 
said request is from the first user; and 

a UCS of the first user is not a superset of an OCS of said object; 
permitting access to said object in response to detecting: 
said request is from a process; and 

an ACS of said process is a superset of an OCS of said object; and
denying access to said object in response to detecting: 
said request is from said process; and 

an ACS of said process is not a superset of an OCS of said object; 
wherein a given OCS comprises a first set of communities, a given UCS is a
superset of the given OCS if at least all of the first set of communities are
also included in the given UCS, and a given ACS is a superset of the
given OCS if at least all of the first set of communities are also included in
the given ACS.

2. (Original) The method of claim 1, wherein said object is an operating system
controlled resource.

3. (Original) The method of claim 2, wherein said object is selected from the group
consisting of a file system, a storage volume, a directory, a file, a record, a memory
region, a queue, a pipe, a socket, a port, or an input/output device.

4. (Previously presented) The method of claim 1, wherein an initial owner of said object
is a creator of said object.

5. (Original) The method of claim 1, further comprising permitting an owner of said
object to designate a first user as a new owner of said object, in response to detecting
a UCS of said first user is a superset of said OCS.

6. (Original) The method of claim 1, further comprising allowing a first process to
change said OCS of said object to a subset of said ACS of said first process, in
response to detecting an owner of said first process is an owner of said object and said
ACS is a superset of said OCS.

7. (Canceled).

8. (Canceled).

9. (Previously presented) The method of claim 1, wherein said CIB further includes a
creator and a current owner for each object residing within said MCN.
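
The permit/deny rule of claim 1 and the ownership and OCS-change conditions of claims 4 to 6 and 9, as an added Python illustration that is not part of the filed claims; the class, method and sample names are hypothetical and the sample data is constructed.

```python
# Added illustration of the claimed community-set checks; all names are hypothetical.
from dataclasses import dataclass, field

@dataclass
class Obj:
    ocs: frozenset   # object community set (OCS)
    creator: str     # claim 9: the CIB records a creator and a current owner
    owner: str

@dataclass
class CIB:
    ucs: dict = field(default_factory=dict)         # user -> UCS
    acs: dict = field(default_factory=dict)         # process -> ACS
    proc_owner: dict = field(default_factory=dict)  # process -> owning user
    objects: dict = field(default_factory=dict)     # object name -> Obj

    def create(self, proc, name, ocs):
        ocs = frozenset(ocs)
        # Claim 1: each OCS is included in the ACS of the process that created it.
        if not ocs <= self.acs[proc]:
            raise PermissionError("OCS must be included in the creator's ACS")
        user = self.proc_owner[proc]
        self.objects[name] = Obj(ocs, creator=user, owner=user)  # claim 4

    def user_may_access(self, user, name):
        # Permit only when the UCS is a superset of the OCS; deny otherwise.
        return self.ucs.get(user, frozenset()) >= self.objects[name].ocs

    def process_may_access(self, proc, name):
        return self.acs.get(proc, frozenset()) >= self.objects[name].ocs

    def transfer_owner(self, current, name, new_owner):
        # Claim 5: the owner designates a new owner whose UCS covers the OCS.
        obj = self.objects[name]
        if current != obj.owner or not self.user_may_access(new_owner, name):
            raise PermissionError("ownership transfer not permitted")
        obj.owner = new_owner

    def change_ocs(self, proc, name, new_ocs):
        # Claim 6: same owner, ACS covers the current OCS, new OCS is a subset of the ACS.
        obj, acs, new_ocs = self.objects[name], self.acs[proc], frozenset(new_ocs)
        if self.proc_owner[proc] != obj.owner or not acs >= obj.ocs or not new_ocs <= acs:
            raise PermissionError("OCS change not permitted")
        obj.ocs = new_ocs

def sample_cib():
    # Constructed sample data: two users, one process run on behalf of alice.
    both = frozenset({"red", "blue"})
    cib = CIB(ucs={"alice": both, "bob": frozenset({"blue"})}, acs={"p1": both}, proc_owner={"p1": "alice"})
    cib.create("p1", "report", {"red"})
    return cib
```

Because the test is a superset check, an object whose OCS is empty passes for every user and process, while a requester with no recorded community set is denied any object with a non-empty OCS.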

10. (Previously presented) A Multi-Community Node (MCN) comprising:
a community information base (CIB), wherein said CIB includes:

a user community set (UCS) for each user of said MCN, wherein for a
given user and associated UCS, a given community is a member of
the UCS if the given user is a member of the given community;

an application community set (ACS) for each application on said MCN,
wherein for a given application and associated ACS, a given
community is a member of the ACS if the given application runs
on behalf of a user in the given community; and

an object community set (OCS) for each object residing within said MCN,
wherein each OCS is included in an ACS of a process which
created it;
a processing unit configured to: 

receive a request for access to an object; 

consult said CIB responsive to said request; 

permit access to said object in response to detecting: 
said request is from a first user; and 

a UCS of the first user is a superset of an object community
set (OCS) of said object;
deny access to said object in response to detecting: 
said request is from the first user; and 

a UCS of the first user is not a superset of an OCS of said object; 
permit access to said object in response to detecting: 

said request is from a process; and 

an ACS of said process is a superset of said OCS; and
deny access to said object in response to detecting: 

said request is from said process; and 

an ACS of said process is not a superset of an OCS of said object; 
wherein a given OCS comprises a first set of communities, a given UCS is
a superset of the given OCS if at least all of the first set of
communities are also included in the given UCS, and a given ACS
is a superset of the given OCS if at least all of the first set of
communities are also included in the given ACS.

11. (Original) The MCN of claim 10, wherein said object is an operating system 
controlled resource. 

12. (Original) The MCN of claim 11, wherein said object is selected from the group 
consisting of a file system, a storage volume, a directory, a file, a record, a memory 
region, a queue, a pipe, a socket, a port, or an input/output device. 

13. (Previously presented) The MCN of claim 10, wherein an initial owner of said object 
is a creator of said object. 

14. (Original) The MCN of claim 10, wherein said processing unit is further configured 
to permit an owner of said object to designate a first user as a new owner of said 
object, in response to detecting a UCS of said first user is a superset of said OCS. 

15. (Original) The MCN of claim 10, wherein said processing unit is further configured 
to allow a first process to change said OCS of said object to a subset of said ACS of 
said first process, in response to detecting an owner of said first process is an owner 
of said object and said ACS is a superset of said OCS. 

16. (Canceled). 

17. (Previously presented) The MCN of claim 10, wherein said CIB further includes a 
creator and a current owner for each object residing within said MCN. 

18. (Currently Amended) A computer system comprising: 

a computer network; and 
a multi-community node (MCN) coupled to said computer network, wherein said
MCN comprises: 

a community information base (CIB), wherein said CIB includes: 

a user community set (UCS) for each user of said MCN, wherein
for a given user and associated UCS, a given community is
a member of the UCS if the given user is a member of the
given community;
an application community set (ACS) for each application on said
MCN, wherein for a given application and associated
ACS, a given community is a member of the ACS if the
given application runs on behalf of a user in the given
community; and

an object community set (OCS) for each object residing within said
MCN, wherein each OCS is included in an ACS of a
process which created it;

a processing unit configured to: 

receive a request for access to an object; 
consult said CIB responsive to said request; 
permit access to said object in response to detecting: 
said request is from a first user; and 

a UCS of the first user is a superset of an object community
set (OCS) of said object;
deny access to said object in response to detecting: 
said request is from the first user; and 

a UCS of the first user is not a superset of an OCS of said object; 
permit access to said object in response to detecting: 

said request is from a process; and 

an ACS of said process is a superset of said OCS; and
deny access to said object in response to detecting: 

said request is from said process; and 

an ACS of said process is not a superset of an OCS of said object;
wherein a given OCS comprises a first set of communities, a given UCS is
a superset of the given OCS if at least all of the first set of
communities are also included in the given UCS, and a given ACS
is a superset of the given OCS if at least all of the first set of
communities are also included in the given ACS.

19. (Original) The computer system of claim 18, wherein said object is an operating
system controlled resource.

20. (Original) The computer system of claim 19, wherein said object is selected from the
group consisting of a file system, a storage volume, a directory, a file, a record, a
memory region, a queue, a pipe, a socket, a port, or an input/output device.

21. (Previously presented) The computer system of claim 18, wherein an initial owner of
said object is a creator of said object.

22. (Original) The computer system of claim 18, wherein said processing unit is further
configured to permit an owner of said object to designate a first user as a new owner
of said object, in response to detecting a UCS of said first user is a superset of said
OCS.

23. (Original) The computer system of claim 18, wherein said processing unit is further
configured to allow a first process to change said OCS of said object to a subset of
said ACS of said first process, in response to detecting an owner of said first process
is an owner of said object and said ACS is a superset of said OCS.

24. (Canceled). 

25. (Previously presented) The computer system of claim 18, wherein said CIB further 
includes a creator and a current owner for each object residing within said MCN. 

26. (Currently Amended) A carrier medium comprising program instructions, wherein
said program instructions are executable to: 

receive a request for access to an object; 

consult a community information base (CIB) responsive to said request, wherein 
said CIB includes: 

a user community set (UCS) for each user of said MCN, wherein for a
given user and associated UCS, a given community is a member of
the UCS if the given user is a member of the given community;

an application community set (ACS) for each application on said MCN,
wherein for a given application and associated ACS, a given
community is a member of the ACS if the given application runs
on behalf of a user in the given community; and

an object community set (OCS) for each object residing within said MCN,
wherein each OCS is included in an ACS of a process which
created it;

permit access to said object in response to detecting: 
said request is from a first user; and 

a UCS of the first user is a superset of an OCS of said object; and
deny access to said object in response to detecting: 
said request is from the first user; and 

a UCS of the first user is not a superset of an OCS of said object; 
permit access to said object in response to detecting: 
said request is from a process; and 

an ACS of said process is a superset of an OCS of said object; and
deny access to said object in response to detecting: 
said request is from said process; and 

an ACS of said process is not a superset of an OCS of said object; 
wherein a given OCS comprises a first set of communities, a given UCS is a
superset of the given OCS if at least all of the first set of communities are
also included in the given UCS, and a given ACS is a superset of the
given OCS if at least all of the first set of communities are also included in
the given ACS.

27. (Original) The carrier medium of claim 26, wherein said object is an operating
system controlled resource.

28. (Original) The carrier medium of claim 27, wherein said object is selected from the
group consisting of a file system, a storage volume, a directory, a file, a record, a
memory region, a queue, a pipe, a socket, a port, or an input/output device.

29. (Previously presented) The carrier medium of claim 26, wherein an initial owner of
said object is a creator of said object.

30. (Original) The carrier medium of claim 26, wherein said program instructions are
further executable to permit an owner of said object to designate a first user as a new
owner of said object, in response to detecting a UCS of said first user is a superset of
said OCS.

31. (Original) The carrier medium of claim 26, wherein said program instructions are
further executable to allow a first process to change said OCS of said object to a
subset of said ACS of said first process, in response to detecting an owner of said first
process is an owner of said object and said ACS is a superset of said OCS.

32. (Canceled). 

33. (Canceled). 

34. (Previously presented) The carrier medium of claim 26, wherein said CIB further 
includes a creator and a current owner for each object residing within said MCN.






